[xwiki-devs] [gsoc] Re: Single Sign-On project

[Thomas Mortagne]

On Mon, Jun 30, 2008 at 11:45 AM, Markus Lanthaler
<mark_lanthaler at gmx.net> wrote:
> Hi Thomas!
>
>> I would say if OpenID is turned off then users created for OpenID or
>> attached to OpenId are unusable to authenticate if they don't have any
>> XWiki password. The default authenticator does not allows users to log
>> with empty passwords, this is enough to protect them I think. This
>> could be used when the administrator want to easily disable wiki
>> modifications for maintenance for example.
>
> Well, but that's not the only consequence. If you issue OpenID URLs (so that
> XWiki acts as the OpenID provider).. The users loose also access to all
> other websites where they used the XWiki OpenID URL. So we have to be very
> very careful about a "switch-off feature". I would suggest to enable/disable
> OpenID support during setup. If someone then really wants to turn it off he
> has to do that somehow manually (not through a GUI).

Agree that no ones should be able to do that using some GUI but anyway
at least now to switch authenticator you have to edit xwiki.cfg et
restart XWiki.

>
>
>> If we want to support only OpenID, OpenID4Java seems the better way to
>> do that in the short term for you to be sure to finish your GSOC. Now
>> in the long term we would surely choose one of the framework available
>> to easily add other supports latter I think... I seen that ESOE
>> provide a generic Confluence / Jira Integrator but can't find any
>> source/description.
>
> Yes that's clear. The thing that I don't understand is how exactly you would
> see support of one of these frameworks!? Does that mean that such a
> framework will be bundled and shipped with XWiki by default or that it is
> just an option? The frameworks are quite complex and setting them up
> properly isn't so easy as it seems at the first moment.
>
>
>>> If it's OK for you I would start creating the architecture and describe
>>> detailed how I would like to implement OpenID support with a OpenID
>>> library
>>> the next days. Then ask for some feedback on that and finally begin to
>>> implement this. My last exam is next Monday (July, 7th) so afterwards I'm
>>> finally free to work exclusively for XWiki :-)
>>
>> OK great.
>
> Just to be sure: Does that means that it is OK to start with OpenID
> integration using OpenID4Java? Or do you prefer Netmesh? As far as I know
> OpenID4Java is kind of the standard library used. On the other side Netmesh
> supports also LID (a similar protocol to OpenID created by Netmesh).

In the context of the GSOC, I think you should run with OpenID4Java.
But I'm not an expert of SSO/OpenId so it would be great to have
others comments on that, especially Sergiu.

>
> _______________________________________________
> devs mailing list
> devs at xwiki.org
> http://lists.xwiki.org/mailman/listinfo/devs
>



-- 
Thomas Mortagne